[package] base-files: add permission exceptions, do not clobber shadow permissions...

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@32073 3c298f89-4303-0410-b956-a3cf2f4a3e73

diff --git a/include/image.mk b/include/image.mk
index 473e391..b0d6dfa 100644 (file)
--- a/include/image.mk
+++ b/include/image.mk
@@ -142,7 +142,7 @@ endif
 
 define Image/mkfs/prepare/default
        # Use symbolic permissions to avoid clobbering SUID/SGID/sticky bits
-       - $(FIND) $(TARGET_DIR) -type f -not -perm +0100 -not -name 'ssh_host*' -print0 | $(XARGS) -0 chmod u+rw,g+r,o+r
+       - $(FIND) $(TARGET_DIR) -type f -not -perm +0100 -not -name 'ssh_host*' -not -name 'shadow' -print0 | $(XARGS) -0 chmod u+rw,g+r,o+r
        - $(FIND) $(TARGET_DIR) -type f -perm +0100 -print0 | $(XARGS) -0 chmod u+rwx,g+rx,o+rx
        - $(FIND) $(TARGET_DIR) -type d -print0 | $(XARGS) -0 chmod u+rwx,g+rx,o+rx
        $(INSTALL_DIR) $(TARGET_DIR)/tmp

diff --git a/package/base-files/Makefile b/package/base-files/Makefile
index 68c8e02..88167b7 100644 (file)
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -470,6 +470,10 @@ define Package/base-files/install
        ln -sf /tmp $(1)/var
        mkdir -p $(1)/etc
        ln -sf /tmp/resolv.conf /tmp/fstab /tmp/TZ $(1)/etc/
+
+       chmod 0600 $(1)/etc/shadow
+       chmod 1777 $(1)/tmp
+
        $(call ImageConfigOptions,$(1))
        $(call Package/base-files/install-target,$(1))
        for conffile in $(1)/etc/config/*; do \